myStart-Problem unsicher ob wirklich behoben

halloihrda · 02.11.2012, 19:48

Liebes Trojanerboardteam,

ich habe mir über FirefoxAddon ein Addon runtergeladen, habe gesehen, dass es gute Bewertungen hat und auch über WOT sicher aussah (Habe einen Windows 7 64 bit-PC).

Falsch gedacht... beim nächsten Start von Firefox war auf einmal MYStart meine neue Startseite, die fehlermeldung bei falschen Internetaddressen ("fehler: Server nicht gefunden...") war verändert und und die Searchbar um einen Punkt erweitert.

Also die neue Suchmaschine aus der Bar rausgelöscht, Startseite zurückgesetzt und Proxy umleitung beendet, aber beim nächsten Firefox Start war wieder MyStart als Startseite da.

Habe jetz einen Systemwiederherstellungspunkt von heute Mittag gewählt und es scheint auch wieder gut zu funktionieren. MSE hat beim schnell durchlauf keine Probleme gemeldet.

Kann ich mir da sicher sein, dass das auch wieder ganz ok ist, wie kann ich das überprüfen.

Vielen Dank schon im Vorraus,

halloihrda
Edit: bin die Anleitung hier durchgegangen, nichts gefunden nach dem Muster: http://www.trojaner-board.de/122287-...entfernen.html
Edit 2: auch MWB zeigt nichts allzu verdächtiges:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.02.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: *****-PC [Administrator]

02.11.2012 20:20:08
mbam-log-2012-11-02 (20-24-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 262698
Laufzeit: 2 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\*****\Downloads\coretemp_rc3_1236.exe (PUP.BundleOffers.IIQ) -> Keine Aktion durchgeführt.

(Ende)

cosinus · 03.11.2012, 18:04

Zitat:

ich habe mir über FirefoxAddon ein Addon runtergeladen,

Warum machst du aus dem Namen dieser Erweiterung ein Geheimnis?

Wo genau hast du das Teil runtergeladen?

halloihrda · 03.11.2012, 18:28

Hallo, vielen Dank für die Antwort!

Addon: EASYYoutubeDonwloader
Ort: Der Firefox-Reiter Addons https://addons.mozilla.org/de/firefox/extensions/download-management/

Ich habe mich auf eurer Seite heute noch weiter damit beschäftigt, das hängt anscheined mit einem "yoodo" programm zusammen, das sich installiert hat, obwohl ich den haken aus dem kästchen rausgemacht habe...

Vielen Dank schonmal,
halloihrda

cosinus · 03.11.2012, 18:36

Gibt es noch weitere Logs mit Funden?
Bitte beachten => http://www.trojaner-board.de/125889-...tml#post941520

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

halloihrda · 03.11.2012, 18:38

nein, das ist alles, habe den einen Fund nur noch nachträglich gelöscht, mse hat auch nichts angezeigt.

Viele Grüße
halloihrda

cosinus · 03.11.2012, 18:41

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

halloihrda · 03.11.2012, 19:12

Hier die Logs:

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL logfile created on: 03.11.2012 18:45:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Allgemein\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,92 Gb Available Physical Memory | 86,67% Memory free
15,96 Gb Paging File | 14,23 Gb Available in Paging File | 89,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 244,74 Gb Free Space | 52,56% Space Free | Partition Type: NTFS
Drive D: | 2,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Allgemein\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Allgemein\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Users\Allgemein\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Programme\My Lockbox\mylbx.exe (FSPro Labs)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Programme\My Lockbox\FSPFlt.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AiChargerPlus) -- C:\Windows\SysNative\drivers\AiChargerPlus.sys (ASUSTek Computer Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (FSProFilter) -- C:\Windows\SysNative\drivers\FSPFltd.sys (FSPro Labs)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek                                            )
DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=1279306050904921&p2=^A9T^YYYYYY^YY^DE
IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 D1 A2 AB DF 2A CD 01  [binary data]
IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-333205402-440210070-1915747329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-333205402-440210070-1915747329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-333205402-440210070-1915747329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-333205402-440210070-1915747329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 D8 89 DC 2C B9 CD 01  [binary data]
IE - HKU\S-1-5-21-333205402-440210070-1915747329-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-333205402-440210070-1915747329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.4
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.02 19:16:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.22 11:28:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2012.11.02 19:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\97xtdero.default\extensions
[2012.11.02 19:16:52 | 000,000,000 | ---D | M] (WOT) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\97xtdero.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.02 19:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\97xtdero.default\extensions\staged
[2012.11.02 18:54:02 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\97xtdero.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.09.10 13:10:47 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\97xtdero.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.31 23:20:51 | 000,002,112 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\97xtdero.default\searchplugins\wot-safe-search.xml
[2012.05.17 14:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.23 00:07:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.23 00:07:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.23 00:07:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.23 00:07:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.23 00:07:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.30 22:02:14 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml
[2012.09.23 00:07:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.23 00:07:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Arctosa] C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-333205402-440210070-1915747329-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-333205402-440210070-1915747329-1001..\Run: [Spotify Web Helper] C:\Users\Allgemein\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4:64bit: - HKLM..\RunOnce: [*Restore] C:\Windows\SysNative\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Allgemein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00DAEF2-731D-4D10-911E-02639871DBF6}: NameServer = 192.168.211.11
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.02 20:19:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.11.02 20:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.02 20:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.02 20:18:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.02 20:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.02 18:40:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\yolobartb
[2012.11.02 18:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012.11.02 16:26:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2012.11.01 00:32:01 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.11.01 00:32:01 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.11.01 00:32:01 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.11.01 00:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2012.11.01 00:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2012.11.01 00:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.10.31 23:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012.10.31 23:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012.10.31 23:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012.10.31 23:26:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Downloaded Installations
[2012.10.31 23:18:34 | 000,000,000 | ---D | C] -- C:\Temp
[2012.10.20 16:47:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Dropbox
[2012.10.10 09:22:07 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 09:22:06 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 09:22:06 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 09:21:59 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 09:21:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 09:21:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 09:21:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 09:21:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 09:21:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 09:21:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 09:21:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 09:21:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 09:21:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 09:21:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 09:21:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 09:21:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 09:21:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 09:21:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 09:21:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 09:21:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 09:21:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 09:21:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 09:21:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 09:21:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 09:21:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 09:21:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 09:21:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 09:21:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 09:21:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 09:21:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 09:21:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 09:21:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 09:21:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 09:21:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 09:21:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 09:21:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 09:21:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 09:21:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 09:21:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 09:21:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 09:21:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 09:21:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 09:21:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 09:21:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 09:21:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 09:21:54 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 09:21:46 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 09:21:45 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.05 14:40:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SplitMediaLabs
[2012.10.05 14:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2012.10.05 14:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2012.10.05 14:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2012.10.05 14:39:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SplitMediaLabs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.03 18:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.03 16:53:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.03 10:46:24 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 10:46:24 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 10:44:01 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.03 10:44:01 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.03 10:44:01 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.03 10:44:01 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.03 10:44:01 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.03 10:37:47 | 2131,857,407 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.01 20:57:12 | 000,001,376 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.11.01 00:28:17 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync Manager.lnk
[2012.10.09 20:31:55 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 20:31:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.01 00:28:17 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync Manager.lnk
[2012.09.26 10:11:00 | 000,001,376 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.06.17 23:25:04 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.06.17 23:25:04 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.03.23 20:41:45 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.23 20:41:44 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.22 12:00:30 | 005,325,856 | ---- | C] () -- C:\Windows\PE_File.dll
[2012.03.22 11:54:20 | 005,260,320 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.03.22 11:42:45 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.03.22 11:42:44 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.03.22 11:16:31 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.22 11:12:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.22 10:56:02 | 000,036,968 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.03.22 10:52:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.03.22 10:52:47 | 000,028,651 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---
[/code]

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 03.11.2012 18:45:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Allgemein\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,92 Gb Available Physical Memory | 86,67% Memory free
15,96 Gb Paging File | 14,23 Gb Available in Paging File | 89,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 244,74 Gb Free Space | 52,56% Space Free | Partition Type: NTFS
Drive D: | 2,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-333205402-440210070-1915747329-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-333205402-440210070-1915747329-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{212AFD13-727E-4676-9FFB-B3BA05A0F94D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2C3E1FC7-698C-4EF3-A298-BF4C05FF3EAE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4EC9F782-AB27-4090-9362-3AC9B9E6C764}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5EAFCC5E-F8C2-4C6B-92BA-116389710F8D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{66401D2C-35AC-4C46-B2B1-DEBDA3EB27D0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{67FE3B60-245E-407B-AD5F-8F1A740898A1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7E962358-099D-4E05-992D-C62AD7BB2BE7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{84E0AD60-9EF4-4D76-8B8F-079FB96D6E98}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A345B3E8-9A1F-4A6E-8913-1FA656864AED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A3FADB06-5850-42F1-B001-85200B40A554}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D8E05357-9434-41C5-85EB-3C69BCE83400}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DEDE25D1-964F-408A-A8F2-0AD84AF1793B}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F415A6-77D9-4C91-9534-A39380580E71}" = protocol=6 | dir=in | app=c:\users\allgemein\appdata\roaming\dropbox\bin\dropbox.exe | 
"{09D6385E-C7E6-4B43-9320-7AB607E4A1DE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{1045BC7A-A4B0-4FB1-B2E8-708F6EDEB4B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{11595F1A-EFC8-4660-912B-7EAF485B5257}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{116C2FAB-2909-40E7-844F-01ED8DCE7921}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{153F715F-C3B1-464F-B50B-2658D2AAD51C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{1DE7F37A-5DBF-4152-8850-FD177B04E2E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20095E0F-8E94-4846-BB77-B5233AC844AE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{2943D845-A82D-41B8-B02B-31E7AC903A34}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{2C079C2B-E26C-43F6-80FA-066D9223D318}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{34CFCA1E-3309-48E9-90E6-834DFB2AADEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{36699FC9-981F-4011-A4C1-23C62548A9B0}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe | 
"{3B926AF8-779D-4625-A7C4-BB2F82686164}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{3F3CFB73-AA36-4B98-824A-FA00130C6300}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{4496DD82-0AEE-4A36-98C1-89318373CAE6}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{4585F97A-8782-4466-A9F2-EDEAE8512D11}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{484D65E3-A07A-4E4F-821C-AC01306DF648}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4A813755-538E-49DC-8792-AF6EDDA40291}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{557B8DD9-EC3F-4097-AF38-3249D10451BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5C2784FE-B51F-4C27-8A53-19CAE3AEB12F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{5D430F2B-F5C0-4166-A2C4-59710024882E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{62C46A83-4B01-4662-A847-3A1E0F24648E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{6412063E-1A89-4263-B809-1B5A9BF0AD04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6A000B09-869B-4BF2-9A4F-CE2F8058D0FE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{6B395E90-B951-42C4-B69C-417B55894061}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{6DB572F4-7F14-4936-8D82-E723C24E45D2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{6E937193-FF5C-4DBF-B10B-A7124E77261A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{701798E4-CB67-4669-A9CC-B853FE0832FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{70C49653-75B9-4731-8868-183FF3E670B4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7129BC5D-8BBE-400B-89EC-836DF004B96C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7252DBFA-08AB-4923-9F26-778265E8DAF8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{741F9932-C90D-4E4B-8B86-1A79F09B806B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{7755B3BF-6A39-413B-9D6B-2B51F44CC8F7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7F7C7B3B-CC2D-4A60-A4ED-C682363A9966}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{8103BDBE-549F-4A62-9522-BD7CD7A7133E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | 
"{84ACB5EB-558C-427F-9373-399DB31A0B64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | 
"{84FC18DF-A754-498A-A5D5-D208F837C760}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{86E18A31-88CB-4D7C-BB67-6A7BC7A761F1}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{88E04731-88C4-42D5-87D7-1B915C2C3876}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{930DA517-B8F0-481D-B96D-638C856FC920}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{947BE626-7A4B-4412-B94B-4294D6E23A55}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{9872033A-960C-40D1-BB3D-9FE0195A1FFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{9C918BA7-FD73-43E1-854B-62A730D731EC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{9CA5CF2A-57F1-4966-B5C0-6D9CC7651A33}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9EE14AC3-B0E4-46C6-853C-5916F5E7F834}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{A92A671A-4B96-4DBC-B5A8-260AC37CD663}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{B79F636E-09B3-419E-82F2-53412FF1B635}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BBDB720C-3707-474F-A378-FD722254E93F}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{BCB13B55-CCA6-4E47-B754-02722BA699CE}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"{C7A4D9FB-9929-4FF7-B593-7235F277EE5E}" = protocol=17 | dir=in | app=c:\users\allgemein\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D3AC236A-3A19-47F1-A5AD-F53F5EBBFA40}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D6238CF9-C214-44A9-9F47-D50D1F0CEFAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D7AAEC6D-30EF-4EDC-B838-A9CBADB61747}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{E17ED5C3-9C23-4A7F-851D-1686F8175242}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E231CF8D-08CF-4D25-AFDE-C0BFB2903BF2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E85F75D7-4F68-4FCA-927F-BB572EC83435}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EAC7E779-F181-47FE-8344-D3DDCFD5D190}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EDFAED7C-6DA9-487C-85DB-FC8C6073285F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{F0639979-9E71-4458-8E30-9C4C7C8CA65A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{F0F85AF8-7BE7-4003-9122-F049ECA04E59}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F33327D8-6D7E-47E8-BB9B-2338A076D7FF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F4600EDE-E1C7-420E-AAF3-6EF1377D17F2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F9128883-75C8-433F-BD8C-5D69C08F7416}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"TCP Query User{1BA60797-7898-4CC1-8081-ED36A275D13E}C:\users\allgemein\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\allgemein\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{1F38BED2-0D0C-4E5E-AC84-813574B3414C}C:\unreal anthology\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\unreal anthology\ut2004\system\ut2004.exe | 
"TCP Query User{353E0D92-073E-4918-807B-F3C3A7D317FB}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"TCP Query User{4301DD79-7F97-41F1-BFDA-6E860E4EF01D}C:\program files (x86)\steam\steamapps\stoneu\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\stoneu\team fortress 2\hl2.exe | 
"TCP Query User{4E192CB5-BB71-478A-8608-3002A439C7BB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{6C55FF70-09A2-4945-B85E-23AEB91E9176}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{73CB0788-19BA-4F0A-9559-124008FE343C}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | 
"TCP Query User{77668989-4B77-45B7-B97E-185CFB2B19CD}C:\users\david\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\local\temp\gw2.exe | 
"TCP Query User{A3B42615-71C1-46CC-A04A-0A00025C3197}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{A5779548-7501-464F-9B25-6FC0514BF929}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"TCP Query User{C2AEF198-26EB-4705-9934-9A2D6923C099}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{CBF75C3D-BCDF-4D87-AE6E-570EC273770B}C:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aom.exe | 
"TCP Query User{E34E3488-E086-4831-B7E7-0C35D0434C5C}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{F230189B-8FC4-40FC-963C-08EEC0AD3458}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{F6B082B0-EDA6-45B2-80A5-274502B0206C}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{F71CD0F8-314B-4999-A1F0-E48DDD04F492}C:\users\allgemein\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\allgemein\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{FB0507FA-B127-4187-B43A-24F2DCCF575A}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{0CBF8870-13CE-4CA3-BE30-FAC04CBE131A}C:\unreal anthology\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\unreal anthology\ut2004\system\ut2004.exe | 
"UDP Query User{15B465D8-1627-451D-966E-B9AA036D056A}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{16653962-80F8-45AD-AF36-DF7A5F9271D7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{22AD7DD6-A7E9-45C8-B56B-C7FBAD201C07}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{2E2AF944-3DD7-4D12-9D95-3E30E699554E}C:\users\allgemein\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\allgemein\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{417DCEC0-9C4B-40FD-9390-A32E3BCDCB08}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{49E80554-BB75-48B6-A446-976378E62753}C:\users\david\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\local\temp\gw2.exe | 
"UDP Query User{66BACE64-03A6-43C9-8937-08BC9892F71D}C:\users\allgemein\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\allgemein\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{72ECE324-ADFB-4A59-925B-DE27E4FA70B6}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{86E0B3E2-3E7B-49F4-BF40-6F734CF4870D}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{9E9C4F1D-3FDE-4C94-9633-481CB0D36667}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"UDP Query User{A16136B5-74CB-4EE3-9A7E-7129E6DC53FC}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | 
"UDP Query User{AA313DDF-A512-49C5-91AD-A4FBD6BEE088}C:\program files (x86)\steam\steamapps\stoneu\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\stoneu\team fortress 2\hl2.exe | 
"UDP Query User{B4314DB2-1A59-4D23-85FD-7D0D43E974FA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{D1C475FA-39E4-47CA-99D9-FA810245D0E1}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{DBB9FFA9-2036-4B6A-8868-B0031316057F}C:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aom.exe | 
"UDP Query User{F8320DF1-FF1D-4D3B-8363-95219515C87C}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"My Lockbox_is1" = My Lockbox 2.8.2
"Sandboxie" = Sandboxie 3.74 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{2D9C81F2-CF30-47F9-860E-58DACF92ABC9}" = Razer Arctosa
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{55EB2692-FAFE-4352-AACD-AB9379E57F08}" = XSplit
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7477F26F-CC6A-4F68-8C9D-496DBFF45E05}" = HTC Sync Manager
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology 1.0" = Age of Mythology
"ASUS WebStorage" = ASUS WebStorage
"Battlelog Web Plugins" = Battlelog Web Plugins
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"Guild Wars 2" = Guild Wars 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 205790" = Dota 2 Test
"Steam App 212800" = Super Crate Box
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SumatraPDF" = SumatraPDF
"Warcraft III" = Warcraft III
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-333205402-440210070-1915747329-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.11.2012 09:14:20 | Computer Name = *****-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.11.2012 09:14:20 | Computer Name = *****PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003
 
Error - 02.11.2012 09:14:20 | Computer Name = *****PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003
 
Error - 02.11.2012 09:14:21 | Computer Name = *****PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.11.2012 09:14:21 | Computer Name = *****PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9001
 
Error - 02.11.2012 09:14:21 | Computer Name = *****PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9001
 
Error - 02.11.2012 09:14:22 | Computer Name = *****PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.11.2012 09:14:22 | Computer Name = *****PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9999
 
Error - 02.11.2012 09:14:22 | Computer Name = *****PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9999
 
Error - 02.11.2012 14:19:29 | Computer Name = *****PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.11.2012 05:39:43 | Computer Name = *****PC | Source = WinMgmt | ID = 10
Description = 
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 12.09.2012 14:02:09 | Computer Name = *****-PC | Source = acvpnui | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 12.09.2012 14:02:09 | Computer Name = *****-PC | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 12.09.2012 14:02:09 | Computer Name = *****-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 12.09.2012 14:02:09 | Computer Name = *****PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1086 NULL object. Cannot establish a connection at this time.
 
Error - 12.09.2012 18:41:54 | Computer Name = *****PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
 Eine vorhandene Verbindung wurde vom Remotehost geschlossen.   
 
Error - 12.09.2012 18:41:54 | Computer Name = *****PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown 
 
Error - 12.09.2012 18:41:54 | Computer Name = *****PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 12.09.2012 18:41:54 | Computer Name = *****PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 12.09.2012 18:41:54 | Computer Name = *****PC | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
 Verbindung wurde vom Remotehost geschlossen.   
 
Error - 12.09.2012 18:41:54 | Computer Name = *****PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
[ System Events ]
Error - 21.09.2012 11:19:13 | Computer Name = *****PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 23.09.2012 19:44:55 | Computer Name = *****PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 28.09.2012 12:50:42 | Computer Name = *****PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Audio-Endpunkterstellung" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 28.09.2012 12:50:42 | Computer Name = *****PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Zugriff auf Eingabegeräte" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.09.2012 12:50:42 | Computer Name = *****PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Netzwerkverbindungen" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.09.2012 12:50:42 | Computer Name = *****PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 28.09.2012 12:50:42 | Computer Name = *****PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 28.09.2012 12:50:42 | Computer Name = *****PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 28.09.2012 12:50:42 | Computer Name = *****PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 28.09.2012 12:50:42 | Computer Name = *****PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework"
 wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >

--- --- ---
[/code]

cosinus · 03.11.2012, 19:27

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

halloihrda · 04.11.2012, 13:58

Hier die Logs:

Code:

ATTFilter

  13:53:21.0294 3088  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:53:21.0559 3088  ============================================================
13:53:21.0559 3088  Current date / time: 2012/11/04 13:53:21.0559
13:53:21.0559 3088  SystemInfo:
13:53:21.0559 3088  
13:53:21.0559 3088  OS Version: 6.1.7601 ServicePack: 1.0
13:53:21.0559 3088  Product type: Workstation
13:53:21.0559 3088  ComputerName: *****-PC
13:53:21.0559 3088  UserName: *****
13:53:21.0559 3088  Windows directory: C:\Windows
13:53:21.0559 3088  System windows directory: C:\Windows
13:53:21.0559 3088  Running under WOW64
13:53:21.0559 3088  Processor architecture: Intel x64
13:53:21.0559 3088  Number of processors: 4
13:53:21.0559 3088  Page size: 0x1000
13:53:21.0559 3088  Boot type: Normal boot
13:53:21.0559 3088  ============================================================
13:53:22.0402 3088  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:53:22.0417 3088  ============================================================
13:53:22.0417 3088  \Device\Harddisk0\DR0:
13:53:22.0417 3088  MBR partitions:
13:53:22.0417 3088  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:53:22.0417 3088  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
13:53:22.0417 3088  ============================================================
13:53:22.0448 3088  C: <-> \Device\Harddisk0\DR0\Partition2
13:53:22.0448 3088  ============================================================
13:53:22.0448 3088  Initialize success
13:53:22.0448 3088  ============================================================
13:54:08.0780 4500  ============================================================
13:54:08.0780 4500  Scan started
13:54:08.0780 4500  Mode: Manual; SigCheck; TDLFS; 
13:54:08.0780 4500  ============================================================
13:54:09.0186 4500  ================ Scan system memory ========================
13:54:09.0186 4500  System memory - ok
13:54:09.0186 4500  ================ Scan services =============================
13:54:09.0311 4500  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:54:09.0404 4500  1394ohci - ok
13:54:09.0451 4500  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:54:09.0467 4500  ACPI - ok
13:54:09.0482 4500  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:54:09.0545 4500  AcpiPmi - ok
13:54:09.0607 4500  [ E5568164C070A4988BD79C896920B3C6 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
13:54:09.0623 4500  acsock - ok
13:54:09.0716 4500  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:54:09.0732 4500  AdobeFlashPlayerUpdateSvc - ok
13:54:09.0779 4500  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:54:09.0810 4500  adp94xx - ok
13:54:09.0826 4500  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:54:09.0841 4500  adpahci - ok
13:54:09.0841 4500  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:54:09.0841 4500  adpu320 - ok
13:54:09.0872 4500  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:54:09.0982 4500  AeLookupSvc - ok
13:54:10.0013 4500  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
13:54:10.0075 4500  AFD - ok
13:54:10.0122 4500  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:54:10.0122 4500  agp440 - ok
13:54:10.0169 4500  [ 8B6625D53C18774F0102F690E285B5E8 ] AiChargerPlus   C:\Windows\system32\DRIVERS\AiChargerPlus.sys
13:54:10.0169 4500  AiChargerPlus - ok
13:54:10.0184 4500  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
13:54:10.0247 4500  ALG - ok
13:54:10.0278 4500  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:54:10.0294 4500  aliide - ok
13:54:10.0403 4500  ALSysIO - ok
13:54:10.0434 4500  [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:54:10.0512 4500  AMD External Events Utility - ok
13:54:10.0528 4500  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:54:10.0543 4500  amdide - ok
13:54:10.0574 4500  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:54:10.0606 4500  AmdK8 - ok
13:54:10.0762 4500  [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:54:10.0902 4500  amdkmdag - ok
13:54:10.0933 4500  [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:54:10.0980 4500  amdkmdap - ok
13:54:11.0011 4500  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
13:54:11.0042 4500  AmdPPM - ok
13:54:11.0074 4500  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:54:11.0089 4500  amdsata - ok
13:54:11.0120 4500  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:54:11.0136 4500  amdsbs - ok
13:54:11.0152 4500  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:54:11.0167 4500  amdxata - ok
13:54:11.0198 4500  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
13:54:11.0261 4500  AppID - ok
13:54:11.0292 4500  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:54:11.0339 4500  AppIDSvc - ok
13:54:11.0354 4500  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
13:54:11.0401 4500  Appinfo - ok
13:54:11.0479 4500  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:54:11.0479 4500  Apple Mobile Device - ok
13:54:11.0495 4500  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
13:54:11.0510 4500  arc - ok
13:54:11.0510 4500  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:54:11.0510 4500  arcsas - ok
13:54:11.0573 4500  [ FB03A917C1294D3E6D671F24722E1BA3 ] asComSvc        C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
13:54:11.0604 4500  asComSvc - ok
13:54:11.0635 4500  [ A63173897EA1A73A75D0E65036DE5B15 ] asHmComSvc      C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
13:54:11.0666 4500  asHmComSvc - ok
13:54:11.0682 4500  [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
13:54:11.0698 4500  AsIO - ok
13:54:11.0744 4500  [ 954950D11ADA98AC1B7EE3C770E4622C ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
13:54:11.0776 4500  asmthub3 - ok
13:54:11.0791 4500  [ 01DBB05DB1DB95803E3C9F2B49AFE79C ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
13:54:11.0854 4500  asmtxhci - ok
13:54:11.0869 4500  [ 5C31DFB196CB3A488A041881634D86D2 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
13:54:11.0900 4500  AsSysCtrlService - ok
13:54:11.0916 4500  [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO          C:\Windows\syswow64\drivers\AsUpIO.sys
13:54:11.0932 4500  AsUpIO - ok
13:54:11.0963 4500  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:54:12.0025 4500  AsyncMac - ok
13:54:12.0041 4500  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
13:54:12.0041 4500  atapi - ok
13:54:12.0103 4500  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
13:54:12.0119 4500  AtiHDAudioService - ok
13:54:12.0166 4500  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:54:12.0228 4500  AudioEndpointBuilder - ok
13:54:12.0244 4500  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:54:12.0259 4500  AudioSrv - ok
13:54:12.0290 4500  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:54:12.0353 4500  AxInstSV - ok
13:54:12.0400 4500  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:54:12.0462 4500  b06bdrv - ok
13:54:12.0493 4500  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:54:12.0524 4500  b57nd60a - ok
13:54:12.0540 4500  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:54:12.0571 4500  BDESVC - ok
13:54:12.0587 4500  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:54:12.0618 4500  Beep - ok
13:54:12.0665 4500  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
13:54:12.0712 4500  BFE - ok
13:54:12.0743 4500  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
13:54:12.0821 4500  BITS - ok
13:54:12.0852 4500  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:54:12.0883 4500  blbdrive - ok
13:54:12.0946 4500  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:54:12.0961 4500  Bonjour Service - ok
13:54:13.0008 4500  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:54:13.0055 4500  bowser - ok
13:54:13.0086 4500  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:54:13.0117 4500  BrFiltLo - ok
13:54:13.0148 4500  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:54:13.0164 4500  BrFiltUp - ok
13:54:13.0195 4500  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
13:54:13.0226 4500  Browser - ok
13:54:13.0242 4500  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:54:13.0304 4500  Brserid - ok
13:54:13.0304 4500  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:54:13.0351 4500  BrSerWdm - ok
13:54:13.0367 4500  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:54:13.0398 4500  BrUsbMdm - ok
13:54:13.0414 4500  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:54:13.0445 4500  BrUsbSer - ok
13:54:13.0476 4500  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:54:13.0492 4500  BTHMODEM - ok
13:54:13.0538 4500  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
13:54:13.0585 4500  bthserv - ok
13:54:13.0601 4500  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:54:13.0648 4500  cdfs - ok
13:54:13.0679 4500  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:54:13.0679 4500  cdrom - ok
13:54:13.0726 4500  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:54:13.0772 4500  CertPropSvc - ok
13:54:13.0788 4500  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
13:54:13.0804 4500  circlass - ok
13:54:13.0850 4500  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:54:13.0882 4500  CLFS - ok
13:54:13.0928 4500  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:54:13.0944 4500  clr_optimization_v2.0.50727_32 - ok
13:54:13.0975 4500  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:54:13.0991 4500  clr_optimization_v2.0.50727_64 - ok
13:54:14.0069 4500  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:54:14.0084 4500  clr_optimization_v4.0.30319_32 - ok
13:54:14.0131 4500  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:54:14.0131 4500  clr_optimization_v4.0.30319_64 - ok
13:54:14.0178 4500  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
13:54:14.0209 4500  CmBatt - ok
13:54:14.0225 4500  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:54:14.0240 4500  cmdide - ok
13:54:14.0287 4500  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
13:54:14.0318 4500  CNG - ok
13:54:14.0334 4500  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
13:54:14.0334 4500  Compbatt - ok
13:54:14.0381 4500  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:54:14.0412 4500  CompositeBus - ok
13:54:14.0428 4500  COMSysApp - ok
13:54:14.0443 4500  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:54:14.0459 4500  crcdisk - ok
13:54:14.0490 4500  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:54:14.0537 4500  CryptSvc - ok
13:54:14.0568 4500  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:54:14.0630 4500  DcomLaunch - ok
13:54:14.0662 4500  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
13:54:14.0693 4500  defragsvc - ok
13:54:14.0724 4500  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:54:14.0755 4500  DfsC - ok
13:54:14.0786 4500  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:54:14.0833 4500  Dhcp - ok
13:54:14.0849 4500  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
13:54:14.0911 4500  discache - ok
13:54:14.0927 4500  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
13:54:14.0927 4500  Disk - ok
13:54:14.0974 4500  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:54:15.0020 4500  Dnscache - ok
13:54:15.0052 4500  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:54:15.0114 4500  dot3svc - ok
13:54:15.0130 4500  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
13:54:15.0161 4500  DPS - ok
13:54:15.0192 4500  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:54:15.0223 4500  drmkaud - ok
13:54:15.0254 4500  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:54:15.0286 4500  DXGKrnl - ok
13:54:15.0301 4500  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:54:15.0364 4500  EapHost - ok
13:54:15.0410 4500  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:54:15.0457 4500  ebdrv - ok
13:54:15.0488 4500  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
13:54:15.0551 4500  EFS - ok
13:54:15.0613 4500  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:54:15.0676 4500  ehRecvr - ok
13:54:15.0691 4500  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:54:15.0722 4500  ehSched - ok
13:54:15.0754 4500  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:54:15.0785 4500  elxstor - ok
13:54:15.0800 4500  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:54:15.0816 4500  ErrDev - ok
13:54:15.0847 4500  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
13:54:15.0878 4500  EventSystem - ok
13:54:15.0910 4500  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
13:54:15.0941 4500  exfat - ok
13:54:15.0941 4500  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:54:15.0988 4500  fastfat - ok
13:54:16.0019 4500  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
13:54:16.0066 4500  Fax - ok
13:54:16.0066 4500  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
13:54:16.0097 4500  fdc - ok
13:54:16.0112 4500  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:54:16.0144 4500  fdPHost - ok
13:54:16.0159 4500  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:54:16.0222 4500  FDResPub - ok
13:54:16.0253 4500  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:54:16.0253 4500  FileInfo - ok
13:54:16.0269 4500  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:54:16.0300 4500  Filetrace - ok
13:54:16.0315 4500  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:54:16.0315 4500  flpydisk - ok
13:54:16.0331 4500  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:54:16.0347 4500  FltMgr - ok
13:54:16.0378 4500  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
13:54:16.0425 4500  FontCache - ok
13:54:16.0471 4500  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:54:16.0487 4500  FontCache3.0.0.0 - ok
13:54:16.0487 4500  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:54:16.0503 4500  FsDepends - ok
13:54:16.0549 4500  [ 8197C85348A33BCCFE80DD6E2DB53903 ] FSProFilter     C:\Windows\system32\Drivers\FSPFltd.sys
13:54:16.0565 4500  FSProFilter - ok
13:54:16.0596 4500  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:54:16.0612 4500  Fs_Rec - ok
13:54:16.0643 4500  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:54:16.0659 4500  fvevol - ok
13:54:16.0690 4500  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:54:16.0705 4500  gagp30kx - ok
13:54:16.0737 4500  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:54:16.0737 4500  GEARAspiWDM - ok
13:54:16.0768 4500  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
13:54:16.0830 4500  gpsvc - ok
13:54:16.0830 4500  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:54:16.0861 4500  hcw85cir - ok
13:54:16.0908 4500  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:54:16.0939 4500  HdAudAddService - ok
13:54:16.0971 4500  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:54:17.0017 4500  HDAudBus - ok
13:54:17.0033 4500  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:54:17.0064 4500  HidBatt - ok
13:54:17.0095 4500  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:54:17.0127 4500  HidBth - ok
13:54:17.0142 4500  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:54:17.0173 4500  HidIr - ok
13:54:17.0173 4500  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
13:54:17.0205 4500  hidserv - ok
13:54:17.0236 4500  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:54:17.0251 4500  HidUsb - ok
13:54:17.0283 4500  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:54:17.0329 4500  hkmsvc - ok
13:54:17.0361 4500  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:54:17.0376 4500  HomeGroupListener - ok
13:54:17.0407 4500  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:54:17.0439 4500  HomeGroupProvider - ok
13:54:17.0470 4500  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:54:17.0470 4500  HpSAMD - ok
13:54:17.0532 4500  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
13:54:17.0563 4500  HTCAND64 - ok
13:54:17.0657 4500  [ 5C8BC8A28798FD010E7ABC4E0D588CAA ] HTCMonitorService C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
13:54:17.0673 4500  HTCMonitorService - ok
13:54:17.0688 4500  [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
13:54:17.0688 4500  htcnprot - ok
13:54:17.0735 4500  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:54:17.0782 4500  HTTP - ok
13:54:17.0813 4500  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:54:17.0813 4500  hwpolicy - ok
13:54:17.0860 4500  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:54:17.0860 4500  i8042prt - ok
13:54:17.0891 4500  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:54:17.0922 4500  iaStorV - ok
13:54:17.0953 4500  [ C1010ADD3DDAE1196ED21057AF7B2AAE ] ICCWDT          C:\Windows\system32\DRIVERS\ICCWDT.sys
13:54:17.0969 4500  ICCWDT - ok
13:54:18.0000 4500  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:54:18.0031 4500  idsvc - ok
13:54:18.0063 4500  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:54:18.0063 4500  iirsp - ok
13:54:18.0094 4500  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:54:18.0141 4500  IKEEXT - ok
13:54:18.0219 4500  [ 589B94A9B73A0E819FF873743A480834 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:54:18.0250 4500  IntcAzAudAddService - ok
13:54:18.0265 4500  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:54:18.0265 4500  intelide - ok
13:54:18.0281 4500  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:54:18.0312 4500  intelppm - ok
13:54:18.0343 4500  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:54:18.0390 4500  IPBusEnum - ok
13:54:18.0406 4500  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:54:18.0453 4500  IpFilterDriver - ok
13:54:18.0484 4500  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:54:18.0515 4500  iphlpsvc - ok
13:54:18.0531 4500  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:54:18.0546 4500  IPMIDRV - ok
13:54:18.0546 4500  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:54:18.0593 4500  IPNAT - ok
13:54:18.0624 4500  [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:54:18.0655 4500  iPod Service - ok
13:54:18.0687 4500  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:54:18.0718 4500  IRENUM - ok
13:54:18.0765 4500  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:54:18.0765 4500  isapnp - ok
13:54:18.0796 4500  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:54:18.0811 4500  iScsiPrt - ok
13:54:18.0827 4500  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:54:18.0843 4500  kbdclass - ok
13:54:18.0874 4500  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:54:18.0889 4500  kbdhid - ok
13:54:18.0936 4500  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:54:18.0952 4500  KeyIso - ok
13:54:18.0983 4500  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:54:18.0999 4500  KSecDD - ok
13:54:19.0014 4500  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:54:19.0030 4500  KSecPkg - ok
13:54:19.0030 4500  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:54:19.0077 4500  ksthunk - ok
13:54:19.0108 4500  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:54:19.0155 4500  KtmRm - ok
13:54:19.0170 4500  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:54:19.0217 4500  LanmanServer - ok
13:54:19.0248 4500  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:54:19.0311 4500  LanmanWorkstation - ok
13:54:19.0342 4500  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:54:19.0404 4500  lltdio - ok
13:54:19.0420 4500  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:54:19.0467 4500  lltdsvc - ok
13:54:19.0482 4500  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:54:19.0529 4500  lmhosts - ok
13:54:19.0560 4500  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:54:19.0560 4500  LSI_FC - ok
13:54:19.0607 4500  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:54:19.0607 4500  LSI_SAS - ok
13:54:19.0623 4500  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:54:19.0623 4500  LSI_SAS2 - ok
13:54:19.0623 4500  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:54:19.0638 4500  LSI_SCSI - ok
13:54:19.0654 4500  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:54:19.0685 4500  luafv - ok
13:54:19.0716 4500  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:54:19.0732 4500  Mcx2Svc - ok
13:54:19.0763 4500  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:54:19.0763 4500  megasas - ok
13:54:19.0810 4500  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:54:19.0825 4500  MegaSR - ok
13:54:19.0857 4500  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
13:54:19.0872 4500  MEIx64 - ok
13:54:19.0888 4500  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
13:54:19.0950 4500  MMCSS - ok
13:54:19.0966 4500  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
13:54:20.0013 4500  Modem - ok
13:54:20.0028 4500  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:54:20.0044 4500  monitor - ok
13:54:20.0106 4500  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:54:20.0122 4500  mouclass - ok
13:54:20.0153 4500  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:54:20.0184 4500  mouhid - ok
13:54:20.0215 4500  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:54:20.0231 4500  mountmgr - ok
13:54:20.0293 4500  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:54:20.0309 4500  MozillaMaintenance - ok
13:54:20.0340 4500  [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
13:54:20.0356 4500  MpFilter - ok
13:54:20.0387 4500  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:54:20.0387 4500  mpio - ok
13:54:20.0403 4500  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:54:20.0418 4500  mpsdrv - ok
13:54:20.0449 4500  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:54:20.0481 4500  MpsSvc - ok
13:54:20.0496 4500  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:54:20.0512 4500  MRxDAV - ok
13:54:20.0543 4500  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:54:20.0590 4500  mrxsmb - ok
13:54:20.0605 4500  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:54:20.0621 4500  mrxsmb10 - ok
13:54:20.0637 4500  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:54:20.0637 4500  mrxsmb20 - ok
13:54:20.0652 4500  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:54:20.0652 4500  msahci - ok
13:54:20.0668 4500  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:54:20.0683 4500  msdsm - ok
13:54:20.0699 4500  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
13:54:20.0715 4500  MSDTC - ok
13:54:20.0746 4500  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:54:20.0793 4500  Msfs - ok
13:54:20.0808 4500  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:54:20.0855 4500  mshidkmdf - ok
13:54:20.0871 4500  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:54:20.0871 4500  msisadrv - ok
13:54:20.0886 4500  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:54:20.0933 4500  MSiSCSI - ok
13:54:20.0933 4500  msiserver - ok
13:54:20.0949 4500  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:54:20.0995 4500  MSKSSRV - ok
13:54:21.0058 4500  [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:54:21.0073 4500  MsMpSvc - ok
13:54:21.0120 4500  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:54:21.0167 4500  MSPCLOCK - ok
13:54:21.0167 4500  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:54:21.0198 4500  MSPQM - ok
13:54:21.0214 4500  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:54:21.0229 4500  MsRPC - ok
13:54:21.0229 4500  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:54:21.0245 4500  mssmbios - ok
13:54:21.0261 4500  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:54:21.0276 4500  MSTEE - ok
13:54:21.0292 4500  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:54:21.0307 4500  MTConfig - ok
13:54:21.0307 4500  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:54:21.0323 4500  Mup - ok
13:54:21.0339 4500  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:54:21.0385 4500  napagent - ok
13:54:21.0417 4500  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:54:21.0448 4500  NativeWifiP - ok
13:54:21.0495 4500  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:54:21.0510 4500  NDIS - ok
13:54:21.0526 4500  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:54:21.0557 4500  NdisCap - ok
13:54:21.0588 4500  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:54:21.0619 4500  NdisTapi - ok
13:54:21.0635 4500  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:54:21.0666 4500  Ndisuio - ok
13:54:21.0697 4500  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:54:21.0744 4500  NdisWan - ok
13:54:21.0775 4500  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:54:21.0807 4500  NDProxy - ok
13:54:21.0838 4500  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:54:21.0885 4500  NetBIOS - ok
13:54:21.0900 4500  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:54:21.0931 4500  NetBT - ok
13:54:21.0963 4500  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:54:21.0994 4500  Netlogon - ok
13:54:22.0041 4500  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:54:22.0103 4500  Netman - ok
13:54:22.0119 4500  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:54:22.0165 4500  netprofm - ok
13:54:22.0197 4500  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:54:22.0212 4500  NetTcpPortSharing - ok
13:54:22.0243 4500  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:54:22.0259 4500  nfrd960 - ok
13:54:22.0306 4500  [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:54:22.0321 4500  NisDrv - ok
13:54:22.0337 4500  [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
13:54:22.0353 4500  NisSrv - ok
13:54:22.0368 4500  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:54:22.0399 4500  NlaSvc - ok
13:54:22.0431 4500  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:54:22.0462 4500  Npfs - ok
13:54:22.0477 4500  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
13:54:22.0493 4500  nsi - ok
13:54:22.0509 4500  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:54:22.0540 4500  nsiproxy - ok
13:54:22.0587 4500  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:54:22.0618 4500  Ntfs - ok
13:54:22.0633 4500  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:54:22.0665 4500  Null - ok
13:54:22.0711 4500  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:54:22.0727 4500  nvraid - ok
13:54:22.0758 4500  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:54:22.0774 4500  nvstor - ok
13:54:22.0821 4500  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:54:22.0836 4500  nv_agp - ok
13:54:22.0836 4500  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:54:22.0867 4500  ohci1394 - ok
13:54:22.0899 4500  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:54:22.0930 4500  p2pimsvc - ok
13:54:22.0961 4500  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:54:22.0977 4500  p2psvc - ok
13:54:22.0992 4500  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
13:54:23.0023 4500  Parport - ok
13:54:23.0055 4500  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:54:23.0055 4500  partmgr - ok
13:54:23.0101 4500  [ 5F731DD45D3B176C071E4CCEEB87B06B ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
13:54:23.0133 4500  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
13:54:23.0133 4500  PassThru Service - detected UnsignedFile.Multi.Generic (1)
13:54:23.0148 4500  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:54:23.0195 4500  PcaSvc - ok
13:54:23.0211 4500  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
13:54:23.0226 4500  pci - ok
13:54:23.0242 4500  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:54:23.0257 4500  pciide - ok
13:54:23.0273 4500  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:54:23.0304 4500  pcmcia - ok
13:54:23.0304 4500  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:54:23.0320 4500  pcw - ok
13:54:23.0335 4500  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:54:23.0398 4500  PEAUTH - ok
13:54:23.0460 4500  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:54:23.0491 4500  PerfHost - ok
13:54:23.0507 4500  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
13:54:23.0569 4500  pla - ok
13:54:23.0601 4500  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:54:23.0647 4500  PlugPlay - ok
13:54:23.0663 4500  PnkBstrA - ok
13:54:23.0694 4500  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:54:23.0710 4500  PNRPAutoReg - ok
13:54:23.0725 4500  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:54:23.0741 4500  PNRPsvc - ok
13:54:23.0757 4500  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:54:23.0803 4500  PolicyAgent - ok
13:54:23.0835 4500  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
13:54:23.0881 4500  Power - ok
13:54:23.0897 4500  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:54:23.0959 4500  PptpMiniport - ok
13:54:23.0975 4500  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
13:54:24.0006 4500  Processor - ok
13:54:24.0037 4500  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:54:24.0084 4500  ProfSvc - ok
13:54:24.0100 4500  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:54:24.0115 4500  ProtectedStorage - ok
13:54:24.0147 4500  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:54:24.0193 4500  Psched - ok
13:54:24.0256 4500  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:54:24.0287 4500  ql2300 - ok
13:54:24.0303 4500  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:54:24.0303 4500  ql40xx - ok
13:54:24.0334 4500  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
13:54:24.0349 4500  QWAVE - ok
13:54:24.0349 4500  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:54:24.0365 4500  QWAVEdrv - ok
13:54:24.0381 4500  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:54:24.0396 4500  RasAcd - ok
13:54:24.0443 4500  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:54:24.0474 4500  RasAgileVpn - ok
13:54:24.0490 4500  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
13:54:24.0521 4500  RasAuto - ok
13:54:24.0552 4500  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:54:24.0599 4500  Rasl2tp - ok
13:54:24.0599 4500  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:54:24.0630 4500  RasMan - ok
13:54:24.0646 4500  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:54:24.0677 4500  RasPppoe - ok
13:54:24.0708 4500  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:54:24.0739 4500  RasSstp - ok
13:54:24.0739 4500  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:54:24.0771 4500  rdbss - ok
13:54:24.0786 4500  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
13:54:24.0802 4500  rdpbus - ok
13:54:24.0833 4500  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:54:24.0849 4500  RDPCDD - ok
13:54:24.0880 4500  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:54:24.0942 4500  RDPENCDD - ok
13:54:24.0973 4500  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:54:24.0989 4500  RDPREFMP - ok
13:54:25.0020 4500  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:54:25.0051 4500  RDPWD - ok
13:54:25.0098 4500  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:54:25.0114 4500  rdyboost - ok
13:54:25.0145 4500  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:54:25.0161 4500  RemoteAccess - ok
13:54:25.0192 4500  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:54:25.0223 4500  RemoteRegistry - ok
13:54:25.0254 4500  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:54:25.0301 4500  RpcEptMapper - ok
13:54:25.0317 4500  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:54:25.0348 4500  RpcLocator - ok
13:54:25.0363 4500  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
13:54:25.0395 4500  RpcSs - ok
13:54:25.0426 4500  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:54:25.0441 4500  rspndr - ok
13:54:25.0504 4500  [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:54:25.0519 4500  RTL8167 - ok
13:54:25.0551 4500  [ E16B7C030A05EF649B18FAB0A93D871F ] RtNdPt60        C:\Windows\system32\DRIVERS\RtNdPt60.sys
13:54:25.0566 4500  RtNdPt60 - ok
13:54:25.0582 4500  [ 1DE78F5008120CD79B34C12394DCD493 ] RTTEAMPT        C:\Windows\system32\DRIVERS\RtTeam60.sys
13:54:25.0582 4500  RTTEAMPT - ok
13:54:25.0597 4500  [ B1018AA1B5735F5FA89FD4DADF4BEA7A ] RTVLANPT        C:\Windows\system32\DRIVERS\RtVlan60.sys
13:54:25.0613 4500  RTVLANPT - ok
13:54:25.0613 4500  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
13:54:25.0629 4500  SamSs - ok
13:54:25.0707 4500  [ F444EBA4C58AD1D6D1DA9850C2B5D829 ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
13:54:25.0722 4500  SbieDrv - ok
13:54:25.0753 4500  [ 9E92ABAE6F6A63C4307FE7CC4AC95831 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
13:54:25.0769 4500  SbieSvc - ok
13:54:25.0785 4500  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:54:25.0800 4500  sbp2port - ok
13:54:25.0816 4500  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:54:25.0847 4500  SCardSvr - ok
13:54:25.0847 4500  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:54:25.0878 4500  scfilter - ok
13:54:25.0909 4500  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:54:25.0956 4500  Schedule - ok
13:54:25.0972 4500  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:54:25.0987 4500  SCPolicySvc - ok
13:54:25.0987 4500  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:54:26.0050 4500  SDRSVC - ok
13:54:26.0081 4500  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:54:26.0128 4500  secdrv - ok
13:54:26.0143 4500  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:54:26.0175 4500  seclogon - ok
13:54:26.0190 4500  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
13:54:26.0206 4500  SENS - ok
13:54:26.0253 4500  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:54:26.0299 4500  SensrSvc - ok
13:54:26.0331 4500  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:54:26.0362 4500  Serenum - ok
13:54:26.0409 4500  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:54:26.0440 4500  Serial - ok
13:54:26.0471 4500  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:54:26.0518 4500  sermouse - ok
13:54:26.0580 4500  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:54:26.0658 4500  SessionEnv - ok
13:54:26.0752 4500  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:54:26.0767 4500  sffdisk - ok
13:54:26.0767 4500  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:54:26.0799 4500  sffp_mmc - ok
13:54:26.0799 4500  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:54:26.0814 4500  sffp_sd - ok
13:54:26.0814 4500  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:54:26.0830 4500  sfloppy - ok
13:54:26.0861 4500  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:54:26.0923 4500  SharedAccess - ok
13:54:26.0955 4500  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:54:27.0001 4500  ShellHWDetection - ok
13:54:27.0017 4500  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:54:27.0033 4500  SiSRaid2 - ok
13:54:27.0033 4500  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:54:27.0033 4500  SiSRaid4 - ok
13:54:27.0095 4500  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
13:54:27.0111 4500  SkypeUpdate - ok
13:54:27.0157 4500  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:54:27.0204 4500  Smb - ok
13:54:27.0235 4500  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:54:27.0267 4500  SNMPTRAP - ok
13:54:27.0282 4500  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:54:27.0282 4500  spldr - ok
13:54:27.0313 4500  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
13:54:27.0360 4500  Spooler - ok
13:54:27.0407 4500  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:54:27.0501 4500  sppsvc - ok
13:54:27.0516 4500  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:54:27.0547 4500  sppuinotify - ok
13:54:27.0579 4500  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:54:27.0625 4500  srv - ok
13:54:27.0641 4500  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:54:27.0672 4500  srv2 - ok
13:54:27.0688 4500  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:54:27.0703 4500  srvnet - ok
13:54:27.0735 4500  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:54:27.0766 4500  SSDPSRV - ok
13:54:27.0781 4500  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:54:27.0797 4500  SstpSvc - ok
13:54:27.0859 4500  Steam Client Service - ok
13:54:27.0891 4500  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:54:27.0906 4500  stexstor - ok
13:54:27.0953 4500  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:54:28.0000 4500  stisvc - ok
13:54:28.0015 4500  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:54:28.0015 4500  swenum - ok
13:54:28.0031 4500  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
13:54:28.0078 4500  swprv - ok
13:54:28.0125 4500  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
13:54:28.0171 4500  SysMain - ok
13:54:28.0187 4500  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:54:28.0234 4500  TabletInputService - ok
13:54:28.0265 4500  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:54:28.0327 4500  TapiSrv - ok
13:54:28.0343 4500  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
13:54:28.0374 4500  TBS - ok
13:54:28.0437 4500  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:54:28.0483 4500  Tcpip - ok
13:54:28.0515 4500  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:54:28.0546 4500  TCPIP6 - ok
13:54:28.0561 4500  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:54:28.0608 4500  tcpipreg - ok
13:54:28.0639 4500  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:54:28.0686 4500  TDPIPE - ok
13:54:28.0702 4500  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:54:28.0733 4500  TDTCP - ok
13:54:28.0749 4500  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:54:28.0780 4500  tdx - ok
13:54:28.0811 4500  [ 1DE78F5008120CD79B34C12394DCD493 ] TEAM            C:\Windows\system32\DRIVERS\RtTeam60.sys
13:54:28.0827 4500  TEAM - ok
13:54:28.0827 4500  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:54:28.0842 4500  TermDD - ok
13:54:28.0873 4500  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
13:54:28.0920 4500  TermService - ok
13:54:28.0936 4500  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:54:28.0951 4500  Themes - ok
13:54:28.0951 4500  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
13:54:28.0983 4500  THREADORDER - ok
13:54:28.0998 4500  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:54:29.0045 4500  TrkWks - ok
13:54:29.0092 4500  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:54:29.0139 4500  TrustedInstaller - ok
13:54:29.0154 4500  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:54:29.0185 4500  tssecsrv - ok
13:54:29.0217 4500  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:54:29.0232 4500  TsUsbFlt - ok
13:54:29.0248 4500  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
13:54:29.0263 4500  TsUsbGD - ok
13:54:29.0279 4500  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:54:29.0341 4500  tunnel - ok
13:54:29.0341 4500  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:54:29.0341 4500  uagp35 - ok
13:54:29.0373 4500  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:54:29.0404 4500  udfs - ok
13:54:29.0419 4500  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:54:29.0466 4500  UI0Detect - ok
13:54:29.0482 4500  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:54:29.0482 4500  uliagpkx - ok
13:54:29.0513 4500  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:54:29.0544 4500  umbus - ok
13:54:29.0575 4500  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
13:54:29.0607 4500  UmPass - ok
13:54:29.0638 4500  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:54:29.0716 4500  upnphost - ok
13:54:29.0747 4500  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
13:54:29.0794 4500  USBAAPL64 - ok
13:54:29.0841 4500  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:54:29.0872 4500  usbaudio - ok
13:54:29.0903 4500  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:54:29.0919 4500  usbccgp - ok
13:54:29.0934 4500  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:54:29.0965 4500  usbcir - ok
13:54:29.0997 4500  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
13:54:30.0028 4500  usbehci - ok
13:54:30.0043 4500  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:54:30.0075 4500  usbhub - ok
13:54:30.0090 4500  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:54:30.0121 4500  usbohci - ok
13:54:30.0137 4500  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
13:54:30.0184 4500  usbprint - ok
13:54:30.0199 4500  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:54:30.0262 4500  USBSTOR - ok
13:54:30.0277 4500  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:54:30.0293 4500  usbuhci - ok
13:54:30.0340 4500  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
13:54:30.0387 4500  UxSms - ok
13:54:30.0402 4500  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:54:30.0418 4500  VaultSvc - ok
13:54:30.0449 4500  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:54:30.0449 4500  vdrvroot - ok
13:54:30.0465 4500  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
13:54:30.0511 4500  vds - ok
13:54:30.0543 4500  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:54:30.0558 4500  vga - ok
13:54:30.0558 4500  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:54:30.0589 4500  VgaSave - ok
13:54:30.0605 4500  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:54:30.0605 4500  vhdmp - ok
13:54:30.0636 4500  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:54:30.0636 4500  viaide - ok
13:54:30.0652 4500  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:54:30.0652 4500  volmgr - ok
13:54:30.0667 4500  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:54:30.0683 4500  volmgrx - ok
13:54:30.0699 4500  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:54:30.0699 4500  volsnap - ok
13:54:30.0761 4500  [ 18507BDC6C15BD464DE9AB18B6AF1C23 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
13:54:30.0777 4500  vpnagent - ok
13:54:30.0823 4500  [ BE7FE15AC90B9F02CBE011AE2426DD0F ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
13:54:30.0823 4500  vpnva - ok
13:54:30.0870 4500  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:54:30.0870 4500  vsmraid - ok
13:54:30.0917 4500  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
13:54:30.0964 4500  VSS - ok
13:54:30.0995 4500  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:54:31.0026 4500  vwifibus - ok
13:54:31.0057 4500  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
13:54:31.0104 4500  W32Time - ok
13:54:31.0120 4500  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:54:31.0135 4500  WacomPen - ok
13:54:31.0167 4500  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:54:31.0213 4500  WANARP - ok
13:54:31.0213 4500  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:54:31.0229 4500  Wanarpv6 - ok
13:54:31.0260 4500  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
13:54:31.0323 4500  wbengine - ok
13:54:31.0338 4500  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:54:31.0354 4500  WbioSrvc - ok
13:54:31.0385 4500  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:54:31.0416 4500  wcncsvc - ok
13:54:31.0432 4500  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:54:31.0463 4500  WcsPlugInService - ok
13:54:31.0479 4500  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
13:54:31.0479 4500  Wd - ok
13:54:31.0494 4500  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:54:31.0510 4500  Wdf01000 - ok
13:54:31.0525 4500  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:54:31.0603 4500  WdiServiceHost - ok
13:54:31.0603 4500  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:54:31.0619 4500  WdiSystemHost - ok
13:54:31.0635 4500  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
13:54:31.0681 4500  WebClient - ok
13:54:31.0697 4500  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:54:31.0744 4500  Wecsvc - ok
13:54:31.0775 4500  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:54:31.0806 4500  wercplsupport - ok
13:54:31.0837 4500  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:54:31.0884 4500  WerSvc - ok
13:54:31.0915 4500  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:54:31.0931 4500  WfpLwf - ok
13:54:31.0947 4500  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:54:31.0962 4500  WIMMount - ok
13:54:31.0962 4500  WinDefend - ok
13:54:31.0962 4500  WinHttpAutoProxySvc - ok
13:54:32.0009 4500  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:54:32.0040 4500  Winmgmt - ok
13:54:32.0087 4500  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
13:54:32.0134 4500  WinRM - ok
13:54:32.0196 4500  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:54:32.0227 4500  WinUsb - ok
13:54:32.0259 4500  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:54:32.0321 4500  Wlansvc - ok
13:54:32.0337 4500  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:54:32.0337 4500  WmiAcpi - ok
13:54:32.0368 4500  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:54:32.0415 4500  wmiApSrv - ok
13:54:32.0446 4500  WMPNetworkSvc - ok
13:54:32.0461 4500  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:54:32.0493 4500  WPCSvc - ok
13:54:32.0508 4500  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:54:32.0524 4500  WPDBusEnum - ok
13:54:32.0539 4500  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:54:32.0555 4500  ws2ifsl - ok
13:54:32.0571 4500  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
13:54:32.0602 4500  wscsvc - ok
13:54:32.0617 4500  WSearch - ok
13:54:32.0680 4500  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:54:32.0727 4500  wuauserv - ok
13:54:32.0742 4500  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:54:32.0773 4500  WudfPf - ok
13:54:32.0789 4500  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:54:32.0851 4500  WUDFRd - ok
13:54:32.0883 4500  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:54:32.0914 4500  wudfsvc - ok
13:54:32.0929 4500  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:54:32.0961 4500  WwanSvc - ok
13:54:32.0976 4500  ================ Scan global ===============================
13:54:33.0007 4500  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:54:33.0039 4500  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:54:33.0054 4500  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:54:33.0085 4500  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:54:33.0101 4500  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:54:33.0117 4500  [Global] - ok
13:54:33.0117 4500  ================ Scan MBR ==================================
13:54:33.0117 4500  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:54:33.0288 4500  \Device\Harddisk0\DR0 - ok
13:54:33.0288 4500  ================ Scan VBR ==================================
13:54:33.0288 4500  [ ABA0D6FD4906E38B6FCD9959C7A25F93 ] \Device\Harddisk0\DR0\Partition1
13:54:33.0288 4500  \Device\Harddisk0\DR0\Partition1 - ok
13:54:33.0319 4500  [ C7A42965EC0D1BAC7BC6C4D1C76074B8 ] \Device\Harddisk0\DR0\Partition2
13:54:33.0319 4500  \Device\Harddisk0\DR0\Partition2 - ok
13:54:33.0319 4500  ============================================================
13:54:33.0319 4500  Scan finished
13:54:33.0319 4500  ============================================================
13:54:33.0319 4780  Detected object count: 1
13:54:33.0319 4780  Actual detected object count: 1
13:55:04.0863 4780  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:04.0863 4780  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

Code:

ATTFilter

 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-04 13:37:21
-----------------------------
13:37:21.608    OS Version: Windows x64 6.1.7601 Service Pack 1
13:37:21.608    Number of processors: 4 586 0x2A07
13:37:21.608    ComputerName: *****-PC  UserName: *****
13:37:22.045    Initialize success
13:40:49.422    AVAST engine defs: 12110400
13:42:36.861    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:42:36.877    Disk 0 Vendor: ST500DM005_HD502HJ 1AJ10001 Size: 476940MB BusType: 11
13:42:36.877    Disk 0 MBR read successfully
13:42:36.877    Disk 0 MBR scan
13:42:36.893    Disk 0 Windows 7 default MBR code
13:42:36.893    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:42:36.908    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
13:42:36.939    Disk 0 scanning C:\Windows\system32\drivers
13:42:42.805    Service scanning
13:42:55.488    Modules scanning
13:42:55.488    Disk 0 trace - called modules:
13:42:55.504    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
13:42:55.504    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80081af060]
13:42:55.504    3 CLASSPNP.SYS[fffff8800198143f] -> nt!IofCallDriver -> [0xfffffa8007af2520]
13:42:55.519    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007712180]
13:42:55.972    AVAST engine scan C:\Windows
13:42:57.656    AVAST engine scan C:\Windows\system32
13:44:32.458    AVAST engine scan C:\Windows\system32\drivers
13:44:39.290    AVAST engine scan C:\Users\*****
13:48:11.248    AVAST engine scan C:\ProgramData
13:48:34.976    Scan finished successfully
13:50:07.624    Disk 0 MBR has been saved successfully to "C:\Users\Allgemein\Desktop\MBR.dat"
13:50:07.624    The log file has been saved successfully to "C:\Users\Allgemein\Desktop\aswMBR.txt"

Vielen Dank für deine Mühe!

cosinus · 04.11.2012, 17:09

Logs sind unauffällig

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

halloihrda · 04.11.2012, 17:28

Code:

ATTFilter

 

# AdwCleaner v2.006 - Datei am 04/11/2012 um 17:25:58 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Allgemein\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Anti-phishing Domain Advisor
Ordner Gefunden : C:\Users\*****\AppData\Local\Temp\{94366e2c-9923-431c-b0d6-747447dd0f2b}
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\97xtdero.default\extensions\staged
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\afh30kyo.default\extensions\staged

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN DTX
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://eu.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=1279306050904921&p2=^A9T^YYYYYY^YY^DE

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\97xtdero.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\7brcw81e.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\afh30kyo.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\j3i3n3le.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2104 octets] - [04/11/2012 17:25:58]

########## EOF - \AdwCleaner[R1].txt - [2164 octets] ##########

Danke!

cosinus · 05.11.2012, 10:51

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

halloihrda · 09.11.2012, 17:27

Entschuldige die Verzögerung, musste über die Tage leider weg

Hier das Log

Code:

ATTFilter

 # AdwCleaner v2.006 - Datei am 09/11/2012 um 17:20:42 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Allgemein\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Anti-phishing Domain Advisor
Ordner Gelöscht : C:\Users\*****\AppData\Local\Temp\{94366e2c-9923-431c-b0d6-747447dd0f2b}
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\97xtdero.default\extensions\staged

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://eu.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=1279306050904921&p2=^A9T^YYYYYY^YY^DE --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\97xtdero.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\7brcw81e.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\afh30kyo.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\j3i3n3le.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2032 octets] - [09/11/2012 17:20:42]
AdwCleaner[R1].txt - [2231 octets] - [04/11/2012 17:25:58]

########## EOF - \AdwCleaner[S1].txt - [2152 octets] ##########

Danke, halloihrda

cosinus · 09.11.2012, 20:05

Bitte mal den aktuellen adwCleaner v2.007 runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

halloihrda · 10.11.2012, 16:16

Code:

ATTFilter

 # AdwCleaner v2.007 - Datei am 10/11/2012 um 16:14:48 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Allgemein\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\97xtdero.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\7brcw81e.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\afh30kyo.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\j3i3n3le.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1193 octets] - [10/11/2012 16:14:48]

########## EOF - \AdwCleaner[R1].txt - [1253 octets] ##########

myStart-Problem unsicher ob wirklich behoben

Plagegeister aller Art und deren Bekämpfung: myStart-Problem unsicher ob wirklich behoben